+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| January 11th, 2002 Volume 3, Number 3a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_private benat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for imp, horde, x-chat, gzip, glibc,
cipe, sudo, at, stunnel, NetBSD kernel, slashcode, pine, lids, groff,
bugzilla, and uuxqt. The vendors include Caldera, Conectiva, Debian,
EnGarde, Mandrake, NetBSD, Red Hat, Slackware, and SuSE.
FREE Apache SSL Guide from Thawte Certification - Do your online customers
demand the best available protection of their personal information?
Thawte's guide explains how to give this to your customers by implementing
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache
Guide
http://www.gothawte.com/rd176.html
Why be vulnerable? Its your choice. - Are you looking for a solution that
provides the applications necessary to easily create thousands of virtual
Web sites, manage e-mail, DNS, firewalling database functions for an
entire organization, and supports high-speed broadband connections all
using a Web-based front-end? EnGarde Secure Professional provides those
features and more!
Save 10% and Free Shipping on all Guardian Digital Secure Servers!
http://store.guardiandigital.com
+---------------------------------+
| imp / horde | ----------------------------//
+---------------------------------+
The webmail frontend IMP has a cross site scripting problem, allowing a
remote attacker to send you an E-mail with a malformed URL that when
clicked on will open your mail session to the attacker, allowing him to
read and delete your E-mails.
Caldera OpenLinux:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
RPMS/horde-1.2.7-1.i386.rpm
53a9d75c760851f79fa72cb451416f96
RPMS/imp-2.2.7-1.i386.rpm
4bb1af4dcd98af6f168543476f691b95
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1798.html
+---------------------------------+
| X-Chat | ----------------------------//
+---------------------------------+
It is possible to trick XChat IRC clients into sending arbitrary commands
to the IRC server they are on, potentially allowing social engineering
attacks, channel takeovers, and denial of service. This problem exists in
versions 1.4.2 and 1.4.3.
Debian Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/
xchat-gnome_1.4.3-1_i386.deb
MD5 checksum: 2eb90d6a77af6c2475a976d282d76377
http://security.debian.org/dists/stable/updates/main/
binary-i386/xchat-text_1.4.3-1_i386.deb
MD5 checksum: 9701ca60219d4ac8981293763474f14c
http://security.debian.org/dists/stable/updates/main/
binary-i386/xchat_1.4.3-1_i386.deb
MD5 checksum: 1a45ebe67bd4b495cbbd9b9e1517239e
XChat Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1802.html
+---------------------------------+
| gzip | ----------------------------//
+---------------------------------+
GOBBLES found a buffer overflow in gzip that occurs when compressing files
with really long filenames. Even though GOBBLES claims to have developed
an exploit to take advantage of this bug, it has been said by others that
this problem is not likely to be exploitable as other security incidents.
Debian Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/
binary-i386/gzip_1.2.4-33.1_i386.deb
MD5 checksum: b61176ee1953b528e50268995e6c2505
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1803.html
+---------------------------------+
| glibc | ----------------------------//
+---------------------------------+
A buffer overflow has been found in the globbing code for glibc. This code
which is used to glob patterns for filenames and is commonly used in
applications like shells and FTP servers.
PLEASE SEE VENDOR ADVISORY
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1804.html
Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-1800.html
+---------------------------------+
| cipe | ----------------------------//
+---------------------------------+
Larry McVoy found a bug in the packet handling code for the CIPE VPN
package: it did not check if a received packet was too short and could
crash.
Debian Architecture independent archives:
http://security.debian.org/dists/stable/updates/main/
binary-all/cipe-common_1.3.0-3_all.deb
MD5 checksum: bbfe46765a76bce4f4ce6f9855eee717
http://security.debian.org/dists/stable/updates/main/
binary-all/cipe-source_1.3.0-3_all.deb
MD5 checksum: c380864ae382aff742f08869f89848f6
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1805.html
+---------------------------------+
| sudo | ----------------------------//
+---------------------------------+
Sebastian Krahmer from SuSE found a vulnerability in sudo which could
easily lead into a local root exploit. This problem has been fixed in
upstream version 1.6.4 as well as in version 1.6.2p2-2.1 for the stable
release of Debian GNU/Linux.
Debian Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/
binary-i386/sudo_1.6.2p2-2.1_i386.deb
MD5 checksum: 793c815263a64e63108628ed31537dfe
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1807.html
Mandrake 8.0:
http://www.mandrakesecure.net/en/ftp.php
8.0/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
6485ad4e345eb0e4920f856d65808235
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1816.html
NetBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/
packages-5-current/security/sudo-1.6.4.1.tgz
NetBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/netbsd_advisory-1827.html
EnGarde sudo:
i386/sudo-1.6.4-1.0.6.i386.rpm
MD5 Sum: 83fceade44a6d263647653351c2acade
i686/sudo-1.6.4-1.0.6.i686.rpm
MD5 Sum: 8b8c9344cbc950cd9fd4f2fc1c3136f8
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1809.html
Conectiva:
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
sudo-1.6.4p1-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
sudo-doc-1.6.4p1-1U70_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1813.html
SuSE i386 Intel Platform: SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/
ap1/sudo-1.6.3p7-71.i386.rpm
b98f00f761274530bfad3486253bed53
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1806.html
Red Hat i386:
ftp://updates.redhat.com/7.2/en/os/i386/
sudo-1.6.4-0.7x.2.i386.rpm
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1812.html
+---------------------------------+
| at | ----------------------------//
+---------------------------------+
zen-parse found a bug in the current implementation of at which leads into
a heap corruption vulnerability which in turn could potentially lead into
an exploit of the daemon user.
Debain Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/
main/binary-i386/at_3.1.8-10.1_i386.deb
MD5 checksum: 8af8ea462718b6bee748b2a809834d2e
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1818.html
i386 Intel Platform: SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/
7.3/ap1/at-3.1.8-459.i386.rpm
db3d2bd38f81667dcece38d1c4a86725
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1817.html
+---------------------------------+
| stunnel | ----------------------------//
+---------------------------------+
All versions of stunnel from 3.15 to 3.21c are vulnerable to format string
bugs in the functions which implement smtp, pop, and nntp client
negotiations. Using stunnel with the "-n service" option and the "-c"
client mode option, a malicious server could use the format sting
vulnerability to run arbitrary code as the owner of the current stunnel
process. Version 3.22 is not vulnerable to this bug.
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1:
8.1/RPMS/stunnel-3.22-1.1mdk.i586.rpm
08204f11728f2c6b6152de9ebb562ac5
8.1/SRPMS/stunnel-3.22-1.1mdk.src.rpm
e85fbd3435759fa7b94bb5c371738b30
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1828.html
+---------------------------------+
| netbsd-kernel | ----------------------------//
+---------------------------------+
A process could exec a setuid binary, while gaining ptrace control over it
for a short period before the process was activated. The ptrace controller
process could then modify the address space of the controlled process and
abuse its elevated privileges.
PLEASE SEE VENDOR ADVISORY
NetBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/netbsd_advisory-1826.html
+---------------------------------+
| slashcode | ----------------------------//
+---------------------------------+
Slash, the code that runs Slashdot and many other web sites, has a
vulnerability in recent versions that allows any logged-in user to log in
as any other user. This allows users to take nearly full control of a
Slash system (post and delete stories, posting stories, edit users, post
as other users, etc., and do anything that a Slash user can do) by logging
in to an adminstrator's Slash account.
PLEASE SEE VENDOR ADVISORY
Slashcode Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1799.html
+---------------------------------+
| pine | ----------------------------//
+---------------------------------+
There is a vulnerability in pine which can allow an attacker to execute
arbitrary commands on a victims machine by sending them a
specially-crafted URL which is then mishandled by pine's URL handling
code.
EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
i386/pine-4.33-1.0.6.i386.rpm
MD5 Sum: 4b1d60e1e7ccb3a8a511db42877f0b15
i686/pine-4.33-1.0.6.i686.rpm
MD5 Sum: 995ed060b84adb05b5b274d353becd91
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1810.html
Slackware Updated pine package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/
slackware-8.0/patches/packages/pine.tgz
Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-1801.html
+---------------------------------+
| lids | ----------------------------//
+---------------------------------+
Recently there were several local vulnerabilities discovered in the LIDS
system used by EnGarde Secure Linux which could allow an attacker to gain
root, and even disable LIDS completely.
EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
PLEASE SEE VENDOR ADVISORY
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1811.html
+---------------------------------+
| groff | ----------------------------//
+---------------------------------+
New groff packages have been made available that fix an overflow in groff.
If the printing system running this is a security issue, it is recommended
to update to the new, fixed packages.
Red Hat i386: 7.2
ftp://updates.redhat.com/7.2/en/os/i386/
groff-1.17.2-7.0.2.i386.rpm
f3181dd6c32ffc9478721244b77c89af
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1808.html
+---------------------------------+
| bugzilla | ----------------------------//
+---------------------------------+
This new version fixes several security issues discovered since version
2.14 was released, which are too serious to wait for the upcoming 2.16
release.
Red Hat Powertools 7.1:
noarch:
ftp://updates.redhat.com/7.1/en/powertools/noarch/
bugzilla-2.14.1-2.noarch.rpm
dd9607075ee2e4186f153b5587fb8ec0
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1814.html
+---------------------------------+
| uuxqt | ----------------------------//
+---------------------------------+
uuxqt in Taylor UUCP package does not properly remove dangerous long
options, which allows local users to gain uid and gid uucp privileges by
calling uux and specifying an alternate configuration file with the
--config option.
Red Hat Linux 7.2: i386:
ftp://updates.redhat.com/7.2/en/os/i386/
uucp-1.06.1-32.i386.rpm
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1829.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.
This archive was generated by hypermail 2b30 : Sun Jan 20 2002 - 01:09:25 PST